Best Fuzz Testing Tools for FreeBSD

American fuzzy lop, a security-oriented fuzzer, uses a novel form of compile-time tooling and genetic algorithms to discover clean test cases that trigger internal states within the binary. This improves the functional coverage of the fuzzed codes. The compact corpora generated by the tool can also be used to seed other, more resource-intensive or labor-intensive testing regimes in the future. Afl-fuzz, in comparison to other instrumented fuzzers, is designed to be practical. It has a modest overhead, uses highly effective fuzzing techniques and effort minimization tricks. It requires little configuration and handles complex real-world use-cases, such as common image parsing and file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.

Honggfuzz, a software fuzzer focusing on security, is available. Supports evolutionary feedback-driven fuzzing (SW and Hardware-based) based on code cover. Honggfuzz is multi-processed and multi-threaded. You don't need to run multiple instances of your fuzzer as it can unlock all of your CPU cores. The file corpus will be automatically shared and improved among all fuzzed process. When persistent fuzzing is used, it's lightning fast. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Honggfuzz has a track record of discovering security bugs. The only vulnerability (to date) in OpenSSL that received the critical score was discovered by Honggfuzz. It will report hijacked/ignored crashes signals (intercepted by a fuzzed application and potentially hidden).

Radamsa generates test cases for robustness testing, or fuzzer. It is used to test a program's ability to withstand malformed or malicious inputs. It works by reading valid data files and generating different outputs. Radamsa's main selling points are that it has found a lot of bugs in important programs, is scriptable and easy to set up. Fuzzing is a technique to find unexpected behavior within programs. The idea is to simply subject the program to different inputs and observe what happens. This process has two parts: how to get the inputs, and what to do with them. Radamsa can be used to solve the first part. The second part is usually a shell script. The testers usually have an idea of what they don't want to happen and try to verify it.

Syzkaller is a kernel fuzzer that uses coverage to guide the fuzzing process. Supports FreeBSD Fuchsia gVisor Linux, NetBSD OpenBSD and Windows. Initially, syzkaller focused on Linux kernel fuzzing, but it is now being extended to other OS kernels. When syzkaller detects a crash in a VM, it will start the process to reproduce the crash. It will, by default, use 4 VMs in order to reproduce the crash. Then it will minimize the program which caused the crash. This could stop the fuzzing as all the VMs may be busy reproducing crashes. The time it takes to reproduce a crash can vary from a few seconds up to an entire hour, depending on how easily reproducible the crash is or if it cannot be reproduced at all.